01/25/2016

The Director of the NSA Endorses Encryption

by Neil Farquharson

Admiral Michael S. Rogers

Over the weekend, I caught up with the recent activity at the Atlantic Council in Washington, D.C. They’d managed to entice Admiral Michael S. Rogers, who is not only the Commander of U.S. Cyber Command but also the current Director of the National Security Agency (NSA), to appear. During a live presentation followed by an hour-long interview, Admiral Rogers displayed great passion about a number of issues: he spoke of the “increased apertures of exposure” created by the constant connectivity provided by mobile devices, described the Internet of Things (IoT) as a “double edged sword,” and listed – very succinctly in my view – many of the pros and cons of IoT. However, what really stood out for me was his firm belief in encryption. In a clear rap on the knuckles for the naysayers, Admiral Rogers stated:

“Encryption is foundational to the future. So spending time arguing about [it is] a waste of time to me.”

So just why has email encryption taken such a long time to be adopted by mainstream businesses? It has to do with perception, based on old ideas. For many years, a browser search on email encryption would bring up PGP (Pretty Good Privacy), a then-groundbreaking computer application created by Phil Zimmermann back in 1991. PGP was arguably the best implementation of public-key encryption, a system where two key parts, a public key and a private key, could be utilized to encrypt and decrypt messages respectively. However, unless the sender and receiver worked out a way to exchange their public keys, third parties were required to become certificate authorities who would vouch for the authenticity of each and every key. Hence, well-funded organizations needed to volunteer to become certificate authorities, and even then, how could the layperson know that a self-proclaimed certificate authority was legitimate? Consequently, PGP became either the hobby of engineers and IT specialists, or was adopted by large multinationals who could afford the IT personnel and infrastructure to support it. It remained out of reach for most businesses.

And there it stayed until recently, as breaches – large and small – repeatedly hit the headlines. Many companies have been looking at modern-day email encryption solutions and, as well as finding that some email encryption solutions are easy to use and seamless to integrate, they’ve discovered that there are only a few major encryption vendors offering solutions that are truly usable by their non-technical employees.

One of these vendors, Zix, is well known for several state-of-the-art functions that make the exchange of encrypted email both secure and easy to use. Firstly, transparency means that for the majority of users, emails are sent by simply pressing “Send,” and appear in the recipient’s inbox already decrypted. It’s a completely frictionless process for both sender and receiver. Secondly, ZixDirectory is the largest shared infrastructure of public email encryption keys in the world: it is accessed automatically whenever the sender presses “Send.” Thirdly, Zix invented and trademarked Best Method of Delivery (BMOD), a method for ensuring that every secure email is not only delivered securely, but also is presented to the recipient in the most easily accessible way.

If, like Admiral Rogers, you believe that encryption is foundational to our future, have a look at Zix Email Encryption and then give us a call.